Hi there,
I have the following network setup (all servers are 2008 R2 with SP).
If I try to join the DB server to our domain via offline join (DJOIN), everything is working fine.
But if I try to join the clients to our domain, the login fails with the message "no authentication servers available".
I also checked the network logs via Wireshark and I found this:
CLIENT ->RODC DNS 97 Standard
query 0xea67 SRV _kerberos._tcp.dc._msdcs.Domäne
RODC -> CLIENT DNS 200 Standard
query response 0xea67 SRV 0 100 88 DC2.DOMÄNE SRV 0 100 88 DC.DOMÄNE
After that the client seems to try to reach our DC via CLDAP (which is not allowed on the firewall):
CLIENT ->DC CLDAP 207 searchRequest(6987)"<ROOT>" baseObject
Is that normal? I thought the clients only need a connection to the RODC server, and the RODC server is going to make the LDAP connection to the DCs.
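The capture above shows the DC locator path: the client resolves the generic `_kerberos._tcp.dc._msdcs.<domain>` SRV record (which lists the writable DCs) and then CLDAP-pings the candidates. The script below is an added diagnostic, not part of the original post; it compares the generic record with the site-specific one for the client's own site and checks TCP reachability of every returned DC on 88 and 389. The domain name is a placeholder; the site is read from `nltest /dsgetsite` and only tools present on 2008 R2 (nslookup, nltest, .NET TcpClient) are used.

```powershell
# Added diagnostic example (not the poster's code). Replace the placeholder domain.
$Domain = "corp.example"   # placeholder, not the poster's real domain

# Site of this machine as known to the DC locator (nltest prints the site on line 1)
$siteLine = nltest /dsgetsite 2>$null | Select-Object -First 1
$Site = if ($siteLine) { $siteLine.Trim() } else { "" }

function Get-SrvTargets {
    param([string]$Name)
    # Parse the "svr hostname = <fqdn>" lines from Windows nslookup SRV output
    $targets = @()
    foreach ($line in (nslookup -type=SRV $Name 2>$null)) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') { $targets += $Matches[1] }
    }
    return $targets
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    # TCP only: CLDAP itself is UDP/389, so this checks the LDAP/Kerberos paths,
    # not the CLDAP ping. A blocked TCP/389 usually means UDP/389 is blocked too.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# Generic record: writable DCs. Site-specific record: DCs (incl. an RODC) serving this site.
$generic      = Get-SrvTargets "_kerberos._tcp.dc._msdcs.$Domain"
$siteSpecific = if ($Site) { Get-SrvTargets "_kerberos._tcp.$Site._sites.dc._msdcs.$Domain" } else { @() }

"Generic SRV targets ($Domain): $($generic -join ', ')"
"Site-specific SRV targets (site '$Site'): $($siteSpecific -join ', ')"

# If the site-specific list is empty or does not contain the RODC, the client will
# keep choosing the writable DCs behind the firewall, as seen in the capture.
foreach ($dc in ($generic + $siteSpecific | Sort-Object -Unique)) {
    foreach ($port in 88, 389) {
        "{0}:{1} reachable = {2}" -f $dc, $port, (Test-TcpPort -ComputerName $dc -Port $port)
    }
}
```

Run it on the failing client; the interesting outcome is a site-specific list that is empty or lacks the RODC while the generic list points at DCs that are unreachable on 88/389.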